Guest blog courtesy of D3 Security.
D3 recently released the first episode of its new podcast, “Let’s SOC About It.” The show, hosted by D3 Community Manager Amy Tom, will feature conversations with interesting people from across the world of cybersecurity.
The guest for episode one was Ed Vasko, the new CEO of Overwatch by High Wire Networks. Ed had many interesting things to say about his experience in the industry, how he approaches strategy as a CEO, and potential growth areas for MSSPs. We’ve collected some excerpts here, with quotes lightly edited for length and clarity.
You can watch the first episode of Let’s SOC About It on YouTube or subscribe to the show on Apple Podcasts or Spotify.
The Differences Between Leading a Startup and an Established Company
Ed Vasko might be new to Overwatch, but he has spent more than 30 years as a serial entrepreneur in cybersecurity, including more than a decade as the CEO and Co-Founder of Terra Verde Services. In Ed’s five tenures as a CEO, he has generally worked from the ground up in startups, so joining an established business like Overwatch is a new challenge. In the interview, Amy asked Ed about how that affected his approach to strategy.
Using his experience at Terra Verde as an example, Ed said, “there’s the concept of laying out the plan and then trying to execute against that plan, knowing that no good plan survives first contact. You have to have flexibility and you have to have a dynamic mindset that you're going to climb the mountain. But the pathway that you initially chose may not be the pathway to get you to the top mountain. From day one, you are in this constant mindset of, am I doing it right? Am I doing it right? Am I doing it right? It sounds like doubt, but it's more of a constant evaluation question.”
“And the benefit of coming into a new role like this [with Overwatch] is that you actually come in knowing all that work to get to this point has already been done for you. And now with Overwatch, I can come in, with a non-emotive and non-emotionally focused effort, to ask the hard questions that come back to what is our why, what is our how, and what is the value that we're providing, and then collect that information from the team. And then I can come back again and say, hey, I recognize that there's been some phenomenal work done here.”
When Can a CEO Let Emotions Factor into their Decisions?
Amy also asked Ed about when a CEO should put their analytical mind to the side and allow emotions to come into play.
“I think that the will to win, you know, the competitive aspect, there's an emotional element there and infusing that, and enhancing it within the team,” said Ed. “But more so than anything else, I think it's coming back and leading with empathy. You know, a good example is we have a couple of team members who are in North Carolina. One's in Asheville, one's in Greenville. And, with the storm that's just rampaged through there, making certain that they understand that we're there to help them however we possibly can and that they're not just an impassive Zoom screen or [Microsoft] Teams member; we recognize it collectively that they're humans. And that's part of being in a service industry, as we are.”
Channel-Focused Growth Opportunities
High Wire Networks is a master MSSP that provides MSP partners with managed cybersecurity services through Overwatch. Amy asked Ed about how he was looking at potential growth opportunities through this model.
Ed said that Overwatch’s channel focus meant that there was an opportunity to look at the “hub and spoke” aspects and help one partner provide services to many customers. He compared the model to his experience at Terra Verde, where they focused on retail brands with a franchise model.
“That's a very similar approach to a managed service provider,” Ed said. “Franchise owners are the hub and the franchisees within their ecosystem make up the necessary spokes. What franchise owners provide is a technology stack and an operating stack that help those franchisees be successful and align brand and corporate direction and so forth. All of that to say that's not very that's not dissimilar to what a managed service provider does within their channel ecosystem and their end customers.”
Based on this model, Ed said that Overwatch would look to take the existing service delivery motions that have already been developed at a high level and move them into net new areas. “In doing so, we tell the great story of what Overwatch has achieved, because telling that story helps to show credibility. It helps to show that there are very strong similarities between the managed services space and, again, a large retail brand. And those similarities all come back to, how do I deliver to a single customer a method to enable consistent high quality of service to their end customers in a way that is unmatched in the industry.”
How to Identify new Sectors for MSSP Customers
Amy asked Ed about how he identifies net new areas for Overwatch to pursue. He began his answer with an anecdote from his time as the director of Boise State University’s Institute for Pervasive Cybersecurity. As the name suggests, the institute was focused on the ubiquity of cybersecurity in the modern world.
“I actually had a student raise their hand and point to the analog clock on the wall and say, well, there's nothing cybersecurity about the analog clock. And it took me a second, but the reality is that there's a supply chain, there's distribution, there are people that are involved in that entire process. And so all of this data and all of this information and all the things that help build that analog clock, there's a cybersecurity aspect to it. And so I give that story to hopefully give a perspective that cybersecurity is so pervasive and the sector is so broad that it's actually a benefit and a challenge.”
Ed connected that anecdote to his plans at Overwatch, saying that they’re always looking for “green field” sectors where the competition isn’t there. On the other hand, Ed says, there are some sectors where the need for cybersecurity is so great that every service provider could come in and there still wouldn’t be enough coverage.
“A good example of that right now is manufacturing. There are so many different manufacturers that support the building of our defense industry and any adversarial nation state that could come in there and impact that supply chain has huge ramifications for us from a national security standpoint. The other space happens to be the critical infrastructure space. So, everything from gas, power, electricity, hospital systems, and just the things that keep the lights on and keep our society running. Those two sectors are so large that we don't have enough people, let alone enough service providers, to actually cover those entire sectors.”
On the other hand, Ed said, “there are sectors, where maybe there are so many different competitors in that space that it just doesn't make sense for us to go into. Those are oversaturated. So, we want to find those sectors that have broad strength for a lot of providers, and then also continue to build on what got us here and find those tangential routes to market that are very similar to what we already do.”
What it’s Like to Lead a Cybersecurity Company
As a five-time high-tech CEO, Ed also spoke on his leadership approach. “I always like to say, cybersecurity is an industry where if you're not waking up every day and learning something new, something's wrong. You're getting left behind. And so, over my career, what that means is that I don't necessarily wake up every day and try to find how to reverse-engineer the latest, greatest piece of ransomware or go try to find details on the latest and greatest threat actors. I have teams to do that. My job is to really look at the overarching holistic view and then try to analyze those and then bring that to my team and ask them, do you see this? Are we aligned here or are you seeing something different? Because ultimately, it's not a single decision. It's a team decision.”
These are just a few excerpts of Amy’s informative conversation with Ed Vasko on the premiere episode of D3’s podcast “Let’s SOC About It”. You can watch the entire interview here.
About D3 Smart SOAR for MSSPs
D3 supports MSSPs around the world with our Smart SOAR platform. D3 provides full multi-tenancy, so you can keep client sites, data, and playbooks completely segregated. Importantly, we’re vendor-agnostic and independent, so no matter what tools your clients use, our unlimited integrations will meet their needs. D3’s Event Pipeline can automate the alert-handling capacity of dozens of analysts, while reducing alert volume by 90% or more. Read our latest exciting announcement about Ace AI, which is automating the playbook development process without any limitations.